CVE Vulnerabilities

CVE-2008-7124

Improper Authentication

Published: Aug 31, 2009 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Zkup Zkup 2.0 2.0
Zkup Zkup 2.01 2.01
Zkup Zkup 2.02 2.02
Zkup Zkup 2.03 2.03

Potential Mitigations

References